- Implement SamIConnect.
- Add a trusted caller flag to the database object type and inherit it to opened or created sub objects.
- Restrict access to SamrQueryInformationUser.UserInternal1Information for non-trusted callers.

svn path=/trunk/; revision=58472
This commit is contained in:
Eric Kohl 2013-03-11 21:01:30 +00:00
parent 8caefdd06a
commit 39d6a91610
5 changed files with 60 additions and 6 deletions

View file

@ -210,7 +210,7 @@ SampCreateDbObject(IN PSAM_DB_OBJECT ParentObject,
}
NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
0,
HEAP_ZERO_MEMORY,
sizeof(SAM_DB_OBJECT));
if (NewObject == NULL)
{
@ -243,6 +243,9 @@ SampCreateDbObject(IN PSAM_DB_OBJECT ParentObject,
NewObject->RelativeId = RelativeId;
NewObject->ParentObject = ParentObject;
if (ParentObject != NULL)
NewObject->Trusted = ParentObject->Trusted;
*DbObject = NewObject;
return STATUS_SUCCESS;
@ -359,7 +362,7 @@ SampOpenDbObject(IN PSAM_DB_OBJECT ParentObject,
}
NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
0,
HEAP_ZERO_MEMORY,
sizeof(SAM_DB_OBJECT));
if (NewObject == NULL)
{
@ -391,6 +394,9 @@ SampOpenDbObject(IN PSAM_DB_OBJECT ParentObject,
NewObject->RelativeId = RelativeId;
NewObject->ParentObject = ParentObject;
if (ParentObject != NULL)
NewObject->Trusted = ParentObject->Trusted;
*DbObject = NewObject;
return STATUS_SUCCESS;

View file

@ -57,6 +57,8 @@ static GENERIC_MAPPING UserMapping =
USER_ALL_ACCESS
};
PGENERIC_MAPPING pServerMapping = &ServerMapping;
/* FUNCTIONS *****************************************************************/
@ -6043,14 +6045,19 @@ done:
}
static NTSTATUS
static
NTSTATUS
SampQueryUserInternal1(PSAM_DB_OBJECT UserObject,
PSAMPR_USER_INFO_BUFFER *Buffer)
PSAMPR_USER_INFO_BUFFER *Buffer)
{
PSAMPR_USER_INFO_BUFFER InfoBuffer = NULL;
ULONG Length = 0;
NTSTATUS Status = STATUS_SUCCESS;
/* Fail, if the caller is not a trusted caller */
if (UserObject->Trusted == FALSE)
return STATUS_INVALID_INFO_CLASS;
*Buffer = NULL;
InfoBuffer = midl_user_allocate(sizeof(SAMPR_USER_INFO_BUFFER));

View file

@ -25,6 +25,43 @@ WINE_DEFAULT_DEBUG_CHANNEL(samsrv);
/* FUNCTIONS ****************************************************************/
NTSTATUS
NTAPI
SamIConnect(IN PSAMPR_SERVER_NAME ServerName,
OUT SAMPR_HANDLE *ServerHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN Trusted)
{
PSAM_DB_OBJECT ServerObject;
NTSTATUS Status;
TRACE("SamIConnect(%p %p %lx %ld)\n",
ServerName, ServerHandle, DesiredAccess, Trusted);
/* Map generic access rights */
RtlMapGenericMask(&DesiredAccess,
pServerMapping);
/* Open the Server Object */
Status = SampOpenDbObject(NULL,
NULL,
L"SAM",
0,
SamDbServerObject,
DesiredAccess,
&ServerObject);
if (NT_SUCCESS(Status))
{
ServerObject->Trusted = Trusted;
*ServerHandle = (SAMPR_HANDLE)ServerObject;
}
TRACE("SamIConnect done (Status 0x%08lx)\n", Status);
return Status;
}
NTSTATUS
NTAPI
SamIInitialize(VOID)

View file

@ -50,6 +50,7 @@ typedef struct _SAM_DB_OBJECT
HANDLE KeyHandle;
HANDLE MembersKeyHandle; // only used by Aliases
ULONG RelativeId;
BOOLEAN Trusted;
struct _SAM_DB_OBJECT *ParentObject;
} SAM_DB_OBJECT, *PSAM_DB_OBJECT;
@ -113,6 +114,9 @@ typedef struct _SAM_USER_FIXED_DATA
} SAM_USER_FIXED_DATA, *PSAM_USER_FIXED_DATA;
extern PGENERIC_MAPPING pServerMapping;
/* database.c */
NTSTATUS

View file

@ -4,7 +4,7 @@
@ stub SamIAmIGC
@ stub SamIChangePasswordForeignUser
@ stub SamIChangePasswordForeignUser2
@ stub SamIConnect
@ stdcall SamIConnect(ptr ptr long long)
@ stub SamICreateAccountByRid
@ stub SamIDemote
@ stub SamIDemoteUndo
@ -156,4 +156,4 @@
@ stdcall SamrTestPrivateFunctionsDomain(ptr)
@ stdcall SamrTestPrivateFunctionsUser(ptr)
@ stdcall SamrUnicodeChangePasswordUser2(ptr ptr ptr ptr ptr long ptr ptr)
; EOF
; EOF